VYPR
Unrated severity · NVD Advisory · Published Jul 13, 2010 · Updated Apr 29, 2026

CVE-2010-2370

Description

Oracle BPM 5.7, 6.0, and 10.3 are vulnerable to cross-site scripting, allowing attackers to steal cookies and execute arbitrary script.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An unspecified vulnerability exists in the Oracle Business Process Management component within Oracle Fusion Middleware versions 5.7 MP3, 6.0 MP5, and 10.3 MP2. This vulnerability is related to BPM and allows remote attackers to affect the integrity of the application [1].

Exploitation

This vulnerability is a cross-site scripting (XSS) issue where the application fails to properly sanitize user-supplied input. An attacker can exploit this by crafting a malicious URL that includes script code in the context parameter, such as http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=. This requires the attacker to trick a user into clicking the malicious link [1].

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks [1].

Mitigation

Fixed versions are not specified in the available references. No workarounds or EOL status are disclosed. This vulnerability is not listed on the KEV catalog.
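
With no fixed version or workaround listed, one defensive check is to review web-server access logs for requests to the page and parameter named under Exploitation. The following Python is an added example, not code from Oracle or from the cited reference; it assumes common/combined-format access logs, and the sample log lines, addresses and the benign value processList are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and tokens that let a reflected value break out of an HTML context.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|on\w+\s*=', re.IGNORECASE)
TARGET_PAGE = "/jsf/tips.jsp"   # page named in the advisory text
TARGET_PARAM = "context"        # parameter named in the advisory text

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_suspicious(log_lines):
    """Return (line_number, decoded_value) for requests to the tips page
    whose context parameter carries markup after decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET_PAGE):
            continue
        # parse_qs decodes once; fully_decode catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (not taken from any real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webconsole/faces/faces/faces/jsf/tips.jsp?context=processList HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webconsole/faces/faces/faces/jsf/tips.jsp?context=%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webconsole/faces/faces/faces/jsf/tips.jsp?context=%253Cb%253Eprobe HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /webconsole/index.jsp?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line_number, value in flag_suspicious(SAMPLE_LOG):
        print(f"line {line_number}: context={value!r}")
```

A hit shows only that markup was sent in the parameter; whether it was reflected unencoded has to be confirmed against the application's response.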

AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

5
  • cpe:2.3:a:oracle:fusion_middleware:10.3:mp2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:fusion_middleware:10.3:mp2:*:*:*:*:*:*
    • cpe:2.3:a:oracle:fusion_middleware:5.7:mp3:*:*:*:*:*:*
    • cpe:2.3:a:oracle:fusion_middleware:6.0:mp5:*:*:*:*:*:*
    • (no CPE) Range: 5.7 MP3, 6.0 MP5, 10.3 MP2
  • Range: 5.7 MP3, 6.0 MP5, 10.3 MP2

Patches

0

No patches discovered yet.

References

1
